diff options
author | Andrew Dolgov <[email protected]> | 2018-12-06 07:08:54 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2018-12-06 07:08:54 +0300 |
commit | 19e24b4fe2905656ea1c8576e00389396ec3a14e (patch) | |
tree | 7898a89f7396eb89378b89354636b9c44f9edbcc /classes/handler/public.php | |
parent | f33cd597be3f56b67eb23b42ae756b3c1397bf8a (diff) |
force cast profile id to integer when assigning to session variable
Diffstat (limited to 'classes/handler/public.php')
-rwxr-xr-x | classes/handler/public.php | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/classes/handler/public.php b/classes/handler/public.php index e216d7a36..2ad18fa1f 100755 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -509,7 +509,7 @@ class Handler_Public extends Handler { if (clean($_POST["profile"])) { - $profile = clean($_POST["profile"]); + $profile = (int) clean($_POST["profile"]); $sth = $this->pdo->prepare("SELECT id FROM ttrss_settings_profiles WHERE id = ? AND owner_uid = ?"); @@ -517,7 +517,9 @@ class Handler_Public extends Handler { if ($sth->fetch()) { $_SESSION["profile"] = $profile; - } + } else { + $_SESSION["profile"] = null; + } } } else { |